Vulnerabilities > Phpmywind
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-07 | CVE-2019-7661 | Cross-site Scripting vulnerability in PHPmywind An issue was discovered in PHPMyWind 5.5. | 6.1 |
| 2019-03-07 | CVE-2019-7660 | Cross-site Scripting vulnerability in PHPmywind An issue was discovered in PHPMyWind 5.5. | 6.1 |
| 2019-02-18 | CVE-2019-8435 | Cross-site Scripting vulnerability in PHPmywind 5.5 admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. | 4.8 |
| 2019-02-05 | CVE-2019-7403 | Path Traversal vulnerability in PHPmywind 5.5 An issue was discovered in PHPMyWind 5.5. | 4.9 |
| 2019-02-05 | CVE-2019-7402 | Cross-site Scripting vulnerability in PHPmywind 5.5 An issue was discovered in PHPMyWind 5.5. | 6.1 |
| 2018-09-17 | CVE-2018-17134 | Code Injection vulnerability in PHPmywind 5.5 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. | 7.2 |
| 2018-09-17 | CVE-2018-17133 | Code Injection vulnerability in PHPmywind 5.5 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. | 7.2 |
| 2018-09-17 | CVE-2018-17132 | Code Injection vulnerability in PHPmywind 5.5 admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. | 7.2 |
| 2018-09-17 | CVE-2018-17131 | Code Injection vulnerability in PHPmywind 5.5 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. | 7.2 |
| 2018-09-17 | CVE-2018-17130 | Cross-site Scripting vulnerability in PHPmywind 5.5 PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, | 5.4 |